CLAIMS 

1. Method of enciphering/deciphering a message to be exchanged
between a sender and a receiver by way of a communication network, the
sender and the receiver both being one among a secure device (1) and a
defined client device (Cj) in a network of client devices (Cj, Cj), the method
comprising the steps of:

- performing operations of asymmetric cryptography by the secure
device (1) and by the defined client device (Cj) respectively with the aid of a
private key (nj, dj) and of a public key (nj, ej), the private key being different from
the public key, and

- dispatching (62, 81) at least one public data item (nj, CIDj) from the
defined client device (Cj) to the secure device (1),

characterized in that it comprises furthermore, during each
send/receive of a message enciphered by the secure device, a step of
determining the private key (nj, dj) corresponding to the public key (nj, ej) of the
defined client device (Cj), on the basis of a secret master key (MK) stored in the
secure device, and the or each public data item (nj, CIDj) dispatched by the
defined client device (Cj).

2. Method of enciphering/deciphering a message according to Claim
1, characterized in that the step of dispatching (62, 81) the or each public data
item comprises a step of dispatching a part (nj) of the public key, this part of the
public key forming a first part of the private key.

3. Method of enciphering/deciphering a message according to any
one of Claims 1 and 2, characterized in that the step of dispatching (62, 81) the
or each public data item comprises a step of dispatching an identifier (CIDj) of
the client device (Cj), and the step of determining the private key comprises a
step of calculating a second part (dj) of the private key on the basis of the said
dispatched identifier.

4. Method of enciphering/deciphering a message according to Claim
3, characterized in that the step of determining the private key (nj, dj)
corresponding to the public key (nj, ej) of the client device, comprises a step of
enciphering (44, 64, 83) the result (ECIDj) of a function applied to the identifier
(CIDj) of the defined client device (Cj), by a symmetric algorithm, with the aid of
the secret master key (MK).

5. Method of enciphering/deciphering a message according to Claim
4, characterized in that the step of determining the private key (nj, dj)
corresponding to the public key (nj, ej) of the client device, comprises a step of
selecting (45, 65, 84) the second part (dj) of the private key, by a deterministic
calculation unit (8), on the basis of the result of the said enciphering of the result
(ECIDj) of a function applied to the identifier (CIDj) of the defined client device
(Cj).

6. Method of enciphering/deciphering a message according to Claim
5, characterized in that the step of selecting the second part (dj) of the private
key, by the deterministic algorithm, is performed by a selection of a number such
that:

- this number is less than the result of the said encipherment of the
result (ECIDj) of a function applied to the identifier (CIDj) of the defined client
device (Cj),

- this number is the closest to the result of the said encipherment of
the result (ECIDj) of a function applied to the identifier (CIDj) of the defined client
device (Cj), and is prime to a list of prime numbers.

7. Method of enciphering/deciphering a message according to any
one of Claims 3 to 6, characterized in that it comprises a step of destruction (49,
67, 87) of the identifier (CIDj) of the defined client device (Cj) and of all the data
(pj, qj, dj, ECIDj, ej, nj) calculated on the basis of the identifier so as to determine
the private key.

8. Method of enciphering/deciphering a message according to any
one of the preceding claims, characterized in that the cryptography operations
comprise an operation for identifying a message comprising the following steps:

- signature of the message (85), by the secure device (1), with the aid
of the private key (nj, dj) determined during the step of determining the private
key,

- transmission of the signature of the message and of the message
(86) to the client device for verification of this signature, and

- verification of the signature (87) of the message, by the client
device, with the aid of the said public key (nj, ej).

9. Method of enciphering/deciphering a message according to any
one of the preceding claims, characterized in that the cryptography operations
comprise an operation for securing a message comprising the following steps:

- encipherment (61) of a message (m), by the client device (Cj), with
the aid of the public key (nj, ej),

- transmission (62) of the enciphered message to the secure device
(1), and

- decipherment (66) of the message enciphered by the secure device
(1), with the aid of the private key (nj, dj) determined during the step of
determining a private key.

10. Method of enciphering/deciphering a message according to any
one of Claims 3 to 9, characterized in that it comprises a prior phase of
personalizing the said defined client device (Cj), which comprises the following
steps:

- generation, by the secure device (1), of a unique secret master key
(MK) and of an identifier (CIDj) specific to the said defined client device (Cj) and
able to identify it,

- calculation of the said public key (nj, ej) of the defined client device
(Cj) by a calculation module (5) on the basis of the second part (dj) of the private
key.

11. Method of enciphering/deciphering a message according to Claim
10, in which the personalization phase furthermore comprises the following
steps:

- selection (46) of two secret data consisting of two large prime
numbers pj, qj, such that (pj-1) x (qj-1) is prime to the second part (dj) of the
private key of the defined client device (Cj), and

- calculation (48) of a modulus nj of the defined client device (Cj)
such that:

nj = pj x qj, and

- calculation (48) of a part (ej) of the public key by an extended Euclid
algorithm on the basis of the or of each secret data item pj, qj and of the modulus
nj of the defined client device (Cj).

12. Secure device (1) able to exchange a message with a defined
client device (Cj) of a network of client devices (Cj, Cj), over a communication
network, the secure device being able to receive at least one public data item
(CIDj, nj) specific to the said defined client device (Cj) and dispatched by the
latter prior to any exchange of messages, the secure device (1) comprising:

- means for performing operations of asymmetric cryptography with
the aid of a private key (nj, dj) corresponding to a public key (nj, ej) stored in the
defined client device (Cj)

characterized in that it comprises, furthermore:

- secure means of storage (3) of a master key (MK),

- means (4) of determination of the said private key (dj, nj) on the
basis of the master key (MK) and of the or of each public data item (CIDj, nj)
dispatched.

13. Secure device according to Claim 12, characterized in that the 
public data item (CIDj, nj) comprises a part (nj) of the public key of the said 
defined client device (Cj) and/or an identifier (CIDj) of the defined client device. 

14. Secure device according to Claim 13, characterized in that the
private key is a mixed key comprising a first part (nj) corresponding to a part of
the public key (nj, ej) of the said defined client device (Cj) and a second secret
part (dj) calculated on the basis of the master key (MK) and of the identifier
(CIDj) of the defined client device.

15. Secure device according to any one of Claims 12 to 14,
characterized in that the means for performing operations of asymmetric
cryptography with the aid of the private key (dj, nj) determined comprise:

- means of signature (S) of a message (m), and 

- means of encipherment (E) of a message (m). 

16. Secure device according to any one of Claims 14 to 15, in which
the means of determination (4) of the private key comprise furthermore:

- a unit for symmetric encipherment (7), with the aid of the master key
(MK), able to encipher the result (ECIDj) of a function applied to the identifier
(CIDj) of the defined client device (Cj), and/or

- a unit for calculation (8) of a deterministic algorithm for selecting the
second secret part (dj) of the private key on the basis of the result of the
encipherment produced by the unit (7) for symmetric encipherment.

17. Secure device according to any one of Claims 14 to 16,
characterized in that it furthermore comprises a means of initialization of the
client devices of the network, the said means of initialization comprising:

- a means of random generation (2) of a unique master key (MK) and
of a plurality of mutually distinct identifiers (CIDj, CIDj), each identifier being apt
to characterize a unique client device (Cj) of the client device network,

- a unit for calculation (9) able to select two secret data items (pj, qj)
as a function of the value of the second secret part (dj) of the private key and to
calculate a first part (nj) of the public key, and

- a unit for calculation (10) of the second part (ej) of the public key, by
an Extended Euclid algorithm, on the basis of the secret data (pj, qj), of the
second part (dj) of the private key and of the first part (nj) of the public key.

18. Computer program comprising instructions for the execution of the
method steps for enciphering/deciphering a message according to any one of
Claims 1 to 11, when the program is executed on a secure device embodied on
the basis of a programmable calculator.

19. Recording medium usable on a secure device embodied on the
basis of a programmable calculator on which is recorded the program according
to Claim 18.
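
The derivation of dj in claims 4 to 6, the personalization of claims 10 and 11 and the signature exchange of claim 8, as an added Python example that is not part of the patent text. Assumptions: SHA-256 is the function applied to CIDj, HMAC-SHA512 stands in for the unspecified symmetric algorithm, the list of primes is 2 to 13, the signature is unpadded RSA over a SHA-256 digest, and all function names are hypothetical.

```python
import hashlib, hmac, secrets
from math import gcd

PRIME_LIST = (2, 3, 5, 7, 11, 13)  # assumed contents of the claim 6 list of primes

def derive_d(mk, cid):  # claims 4-6: d depends only on MK and CID
    ecid = hashlib.sha256(cid).digest()  # assumed "function applied to the identifier"
    # HMAC-SHA512 stand-in for the symmetric cipher; two blocks so d is about as long as n
    x = int.from_bytes(b"".join(hmac.new(mk, bytes([i]) + ecid, hashlib.sha512).digest()
                                for i in (0, 1)), "big")
    d = x - 1  # closest number below x ...
    while any(d % p == 0 for p in PRIME_LIST):  # ... that is prime to the whole list
        d -= 1
    return d

def is_probable_prime(n, rounds=32):  # Miller-Rabin
    if n < 2 or any(n % p == 0 for p in PRIME_LIST):
        return n in PRIME_LIST
    s, t = 0, n - 1
    while t % 2 == 0:
        s, t = s + 1, t // 2
    for _ in range(rounds):
        y = pow(secrets.randbelow(n - 3) + 2, t, n)
        if y in (1, n - 1):
            continue
        for _ in range(s - 1):
            y = pow(y, 2, n)
            if y == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits, d):  # claim 11: p - 1 must be prime to d
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if gcd(p - 1, d) == 1 and is_probable_prime(p):
            return p

def personalize(mk, cid, bits=512):
    # Claims 10-11: compute the client's public key; p, q and d are not kept.
    d = derive_d(mk, cid)
    p, q = random_prime(bits, d), random_prime(bits, d)
    return p * q, pow(d, -1, (p - 1) * (q - 1))  # n, e = d^-1 mod (p-1)(q-1)

def device_sign(mk, cid, n, msg):  # claims 1 and 8: d is rebuilt at each use
    return pow(int.from_bytes(hashlib.sha256(msg).digest(), "big"), derive_d(mk, cid), n)

def client_verify(n, e, msg, sig):
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(msg).digest(), "big")
```

Every dj is a function of MK and a public identifier, so the secure storage of MK is the single point on which all client private keys depend.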